Filtered by vendor Vmware Subscriptions
Total 902 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-22038 1 Vmware 1 Installbuilder 2024-11-21 8.8 High
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.
CVE-2021-22037 1 Vmware 1 Installbuilder 2024-11-21 7.8 High
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.
CVE-2021-22036 1 Vmware 2 Vrealize Automation, Vrealize Orchestrator 2024-11-21 6.5 Medium
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.
CVE-2021-22035 1 Vmware 3 Cloud Foundation, Vrealize Log Insight, Vrealize Suite Lifecycle Manager 2024-11-21 4.3 Medium
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
CVE-2021-22034 1 Vmware 1 Vrealize Operations Tenant 2024-11-21 7.5 High
Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.
CVE-2021-22033 1 Vmware 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager 2024-11-21 2.7 Low
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
CVE-2021-22029 1 Vmware 1 Workspace One Uem Console 2024-11-21 7.5 High
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.
CVE-2021-22027 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2024-11-21 7.5 High
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
CVE-2021-22026 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2024-11-21 7.5 High
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
CVE-2021-22025 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2024-11-21 7.5 High
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.
CVE-2021-22024 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2024-11-21 7.5 High
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
CVE-2021-22023 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2024-11-21 7.2 High
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.
CVE-2021-22022 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2024-11-21 4.9 Medium
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.
CVE-2021-22021 1 Vmware 2 Cloud Foundation, Vrealize Log Insight 2024-11-21 5.4 Medium
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
CVE-2021-22020 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 5.5 Medium
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
CVE-2021-22019 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 7.5 High
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
CVE-2021-22018 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 6.5 Medium
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
CVE-2021-22017 1 Vmware 1 Vcenter Server 2024-11-21 5.3 Medium
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
CVE-2021-22016 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 6.1 Medium
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
CVE-2021-22015 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 7.8 High
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.